On Mon, Sep 08, 2008, David Hawthorne wrote:
btw, one of the surprising tricks we learned was that the range
start_port end_port specification won't fill up TCAM on the 6500/7600
IFF your port ranges fall on bit boundaries just like networks do.
I'm sure I've read that documented
Such algorithms are indeed used, as you can see at the IOS reference
for the access-list compiled command where the ACL is converted to a
data structure that is O(1).
I don't know which algorithm they use in IOS nowadays, but for a very
good reference on all of those algorithms (using RAM or
On 8/09/2008 8:43 PM, Oliver Boehmer (oboehmer) wrote:
David,
please check CSCsu35584, it will be fixed in the upcoming 12.4(20)T1
rebuild and the above restriction will be removed..
oli
Hi Oli,
What is the approximate timeframe on 12.4(20)T1?
I'm asking because I'd really like
On Sep 8, 2008, at 9:32 PM, Adrian Chadd wrote:
Bill is practically right. The semantics for Cisco ACLs aren't here's a set
of IP ranges, apply this behaviour, they're a linear walk of rules from
top to bottom applying behaviour at each step. Collapsing that into the
smallest set of
Hi,
I would like to change the number of ospf ecmp by using the
maximum-paths command for up to six equal-cost paths on Cisco 12406.
But I am worried about the impacts on routing/cef/connection for spf
recalculation. Thing is, it has 6 links now, but ecmp number was like
default (four). Anyone
Are you serious?
Well, I unhappily and disappointedly stand corrected, then. Indeed,
Cisco documentation appears to confirm what you and Bill are saying.
There are a variety of known algorithms for traversing hashed structures
while taking order of precedence into account. I am, quite
Are you _sure_ that order is important in these ACLs? I ask because I
honestly don't know, so don't get me wrong.
yes it is.. i have seen software based platforms knock 10-20% cpu off by
reworking very poorly laid out ACL's in a top down fashion.
It just seems rather unlikely. Organising
Just to be clear, in case it isn't, I was not referring to how the ACLs
are organised from the user perspective, presentation-wise, but rather I
was surprised that they are not all put into an optimised data structure
on the back side by IOS by default so that matching can happen with
Adrian Chadd wrote:
Please yank the first year computer science curriculum bit which provides
the student with the clue required to algorithmically determine the smallest
set of permit/deny's keeping the above semantics correct. Then do some basic
analysis to find out what the resource bounds
On Tue, Sep 09, 2008 at 09:35:57AM +1000, [EMAIL PROTECTED] wrote:
Hi,
We have a few old Cat4003's that we need to get all L2 Info from(All
vlans/trunks etc) - Was hoping there was a tool(free) that could
automate the task?
Had a look at Cisco Network Assist, and enabled http server on
Jeff, in my experience having multiple BGP sessions between two routers,
with different end-points for each session, works fine ...
- Original Message -
From: Jeff Cartier [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net
Sent: Monday, September 08, 2008 11:45 AM
Subject: [c-nsp] iBGP
Don't use TACL's on the software platforms. It has been removed
from the CLI for the ISR's (it shouldn't have slipped in to begin with).
There are very difficult challenges to handle for things such
as updating the ACL on configuration change, memory usage, etc.
Most HW forwarding platforms
The packet loss would be very very minimal. Users most likely will
not even notice it.
Your biggest worry in these environments is the hw programming
resources and memory usage when you go with so many dual paths.
Just be aware of that and make sure your hw programming LC's
can support it.
Hi,
Should I worry about errors that are sent from the boot loader?
%SYS-4-CONFIG_NEWER: Configuration from version 12.4 may not be correctly
understood
%-4-SERVUNDEF: The server-group tacacs+ is not defined. Please define
it.
%-4-SERVUNDEF: The server-group tacacs+ is not
On Tue, Sep 09, 2008 at 03:26:18PM +0100, Mateusz Błaszczyk wrote:
Rodney
2008/9/9 Rodney Dunn :
Don't use TACL's on the software platforms. It has been removed
from the CLI for the ISR's (it shouldn't have slipped in to begin with).
No.
Rodney
On Tue, Sep 09, 2008 at 04:01:52PM +0200, Rens wrote:
Hi,
Should I worry about errors that are sent from the boot loader?
%SYS-4-CONFIG_NEWER: Configuration from version 12.4 may not be correctly
understood
%-4-SERVUNDEF: The server-group tacacs+ is not
We're trying to light up our first 10G Xenpak link, so far without
success, so I'm looking for a quick sanity check.
3750G-16TD switch with an LR Xenpak [ours], trying to link to a Ciena
[not ours] add/drop ONS.
We had some marginal power levels trying to backhaul the circuit across
campus, so
The Ciena is probably not doing auto negotiation.
try speed nonegotiate on the interface and once it sees light it
should bring the interface up.
On Tue, Sep 09, 2008 at 10:41:31AM -0400, Jeff Kell wrote:
We're trying to light up our first 10G Xenpak link, so far without
success, so I'm
Around 10/17.
On Tue, Sep 09, 2008 at 03:50:10PM +1000, Reuben Farrelly wrote:
On 8/09/2008 8:43 PM, Oliver Boehmer (oboehmer) wrote:
David,
please check CSCsu35584, it will be fixed in the upcoming 12.4(20)T1
rebuild and the above restriction will be removed..
oli
Hi Oli,
I'm using a 7206 NPE-G1 and noticing a lot of buffer misses. Everything
that I find via Google points me to opening a support case but provides very
little background information. There's also a buffer tune automatic
command but little listed about its proper use. Does anyone have a good
On Tue, 9 Sep 2008, Jeff Kell wrote:
We're trying to light up our first 10G Xenpak link, so far without
success, so I'm looking for a quick sanity check.
3750G-16TD switch with an LR Xenpak [ours], trying to link to a Ciena
[not ours] add/drop ONS.
What type of optics are in use on both
Can a Cisco PIX boomerang a packet--i.e. route a packet coming from
the internal network that is destined for an Internet host back into
the internal network via NAT?
I ask because I have email clients pointing to mail.domain.com, and
unless I do a split DNS with my mail A record pointing
Hello,
On Tue, Sep 9, 2008 at 9:03 PM, Rogelio [EMAIL PROTECTED] wrote:
Can a Cisco PIX boomerang a packet--i.e. route a packet coming from the
internal network that is destined for an Internet host back into
the internal network via NAT?
I ask because I have email clients pointing to
On Tue, Sep 09, 2008 at 04:04:46AM -0400, Alex Balashov wrote:
Just to be clear, in case it isn't, I was not referring to how the ACLs are
organised from the user perspective, presentation-wise, but rather I was
surprised that they are not all put into an optimised data structure on the
I am running 720CXL with SXH code and am trying to monitor the punted
traffic to the RP so that I can confirm what actually gets punted to it.
It appears to show packets but not positive I have configured it
correctly. Has anyone else used this tool?
The doc states that when using the
Jeff, it just occurred to me that I did this in an eBGP environment, not
iBGP as you were asking ...
- Original Message -
From: Adam Greene [EMAIL PROTECTED]
To: Jeff Cartier [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Sent: Tuesday, September 09, 2008 9:41 AM
Subject: Re: [c-nsp]
Kristian Larsson wrote:
Cisco IOS (without the firewall feature set)
doesn't really support stateful firewalls, but is
rather a fixed set of filters applied to packets.
PIX / ASA does stateful packet inspection and some
other mumbo jumbo that security people like to
have. I think that would
I have no clue whether they're actually faster or
not at filtering packets.
Can PIX/ASA filter 10 Gig minimum sized packets at line rate (like many
core routers can)? I notice the data sheet for the ASA 5580-40 claims 10
Gbps (real-world HTTP), 20 Gbps (jumbo frames) - but there's no mention
of
Łukasz Bromirski wrote:
Kristian Larsson wrote:
I have no clue whether they're actually faster or
not at filtering packets.
They are. Statefully filtering and inspecting packets requires a lot
of horsepower, and CPUs in ASAs are much beefier than the ones You can
spot on ISRs or 7200. NAT
I have a 4402 with two subnets, voice and data... and a management
interface.
This is a remote site and the AAA server is at the HQ...
There is no IP address on the service port, but the WLC will not let me add
a route to get to the AAA server... I do not have another subnet to use...
Why can't
Cisco RSP4+ (R5000) processor with 262144K/2072K bytes of memory. Slave in
slot 3 is running Cisco IOS Software, RSP Software (RSP-IK91SV-M), Version
12.2(25)S12, RELEASE SOFTWARE (fc1)
Hello,
I'm bringing up a new BGP peer and am working at tweaking our BGP
routing configuration. In
On Wednesday 10 September 2008 11:44:45 Gregory Boehnlein wrote:
Can someone explain to me the reason why Path #3 is being chosen over the
lower AS-Path #1 and #2 routing choices?
Path 3 is the best because it has a higher LOCAL_PREF value
(150) vs. that from paths 1 and 2.
Cheers,
Mark.
We use that, works like a charm.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raul Lopez Nevot
Sent: Tuesday, September 09, 2008 2:20 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] can cisco pix boomerang mail traffic?
Hello,
On Tue,